March 31, 2014 03:03 · November 4, 2013 22:23 · October 30, 2013 03:26 · September 17, 2013 16:04 · October 25, 2012 01:41 · March 9, 2012 17:29
 $ curl -k "https://cake.localhost.com/tasks/aaa%27;%3Cimg%20src=%27a%27%20onerror=%27alert%28%22XSS%22%29%27/"
 <!DOCTYPE html>
 <html>
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />	<title>
 		CakePHP: the rapid development php framework:
 		Errors	</title>
 	<link href="/favicon.ico" type="image/x-icon" rel="icon" /><link href="/favicon.ico" type="image/x-icon" rel="shortcut icon" /><link rel="stylesheet" type="text/css" href="/css/cake.generic.css" /></head>
 <body>
 	<div id="container">
 diff --git a/Cake/ORM/BehaviorRegistry.php b/Cake/ORM/BehaviorRegistry.php
 index db1aa77..06d2d63 100644
 --- a/Cake/ORM/BehaviorRegistry.php
 +++ b/Cake/ORM/BehaviorRegistry.php
 @@ -14,6 +14,7 @@
  */
 namespace Cake\ORM;
 
 +use Cake\Cache\Cache;
 use Cake\Core\App;

 TL;DR Based on the assumptions below, the current cron strategy will be viable for a very very long time. In a worst case scenario, until we have 125,000 users paying through iOS.

 At our last sprint demo, Mike and Warren asked about the scaling limits of the re-verification cron.

 Assumptions:

 * Reverifying each receipt will have a mean transaction time of 2seconds. This is higher than our initial estimates to allow some additional buffer room.
 * Our IOS subscription patterns will have a similar histogram as our Payflow signups.
 * We are ok with cron running for 18hrs consecutively. I chose 18hrs as I can only assume it will take several months to schedule a team to fix the issue in the future.
 diff --git a/src/xmpp.coffee b/src/xmpp.coffee
 index 69d4931..6c325ca 100644
 --- a/src/xmpp.coffee
 +++ b/src/xmpp.coffee
 @@ -13,6 +13,7 @@ class XmppBot extends Adapter
       rooms:    @parseRooms process.env.HUBOT_XMPP_ROOMS.split(',')
       keepaliveInterval: 30000 # ms interval to send whitespace to xmpp server
       legacySSL: process.env.HUBOT_XMPP_LEGACYSSL
 +      preferredSaslMechanism: process.env.HUBOT_XMPP_PREFERRED_SASL_MECHANISM
 
 I have my model here:

 // transactionmodel.js
 function TransactionModel() {
    var pg = require('pg');
    var connectionString = "pg://chartjes:******@localhost:5432/ibl_stats";
    this.client = new pg.Client(connectionString);
    this.client.connect();

 	this.getCurrent = function(callback) {
 // Front controller for our API

 var application_root = __dirname;
 var express = require("express");
 var path = require("path");
 var pg = require('pg');
 var app = express.createServer();
 var model = require('transactionmodel);

 var tm = new model.TransactionModel(pg);
 	public function test() {
 		$this->autoRender = false;

 		$data = array(
 			array(
 				'Article' => array(
 					'id' => '1',
 					'user_id' => '1',
 					'title' => 'First Article',
 					'body' => 'First Article Body'
 http://jenkins/view/Radiator/api/json?tree=jobs[name,color,buildable,healthReport[description,score,iconUrl],builds[culprits[fullName],changeSet[items[msg]]]]

 var fs = require('fs');

 function readFiveBytes(filePosition) {
 	var readFile = function (err, fd) {
 		if (err) {
 			console.log(err.message);
 			return;
 		}
	$ curl -k "https://cake.localhost.com/tasks/aaa%27;%3Cimg%20src=%27a%27%20onerror=%27alert%28%22XSS%22%29%27/"
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>
	CakePHP: the rapid development php framework:
	Errors </title>
	<link href="/favicon.ico" type="image/x-icon" rel="icon" /><link href="/favicon.ico" type="image/x-icon" rel="shortcut icon" /><link rel="stylesheet" type="text/css" href="/css/cake.generic.css" /></head>
	<body>
	<div id="container">
	diff --git a/Cake/ORM/BehaviorRegistry.php b/Cake/ORM/BehaviorRegistry.php
	index db1aa77..06d2d63 100644
	--- a/Cake/ORM/BehaviorRegistry.php
	+++ b/Cake/ORM/BehaviorRegistry.php
	@@ -14,6 +14,7 @@
	*/
	namespace Cake\ORM;

	+use Cake\Cache\Cache;
	use Cake\Core\App;

	TL;DR Based on the assumptions below, the current cron strategy will be viable for a very very long time. In a worst case scenario, until we have 125,000 users paying through iOS.

	At our last sprint demo, Mike and Warren asked about the scaling limits of the re-verification cron.

	Assumptions:

	* Reverifying each receipt will have a mean transaction time of 2seconds. This is higher than our initial estimates to allow some additional buffer room.
	* Our IOS subscription patterns will have a similar histogram as our Payflow signups.
	* We are ok with cron running for 18hrs consecutively. I chose 18hrs as I can only assume it will take several months to schedule a team to fix the issue in the future.
	diff --git a/src/xmpp.coffee b/src/xmpp.coffee
	index 69d4931..6c325ca 100644
	--- a/src/xmpp.coffee
	+++ b/src/xmpp.coffee
	@@ -13,6 +13,7 @@ class XmppBot extends Adapter
	rooms: @parseRooms process.env.HUBOT_XMPP_ROOMS.split(',')
	keepaliveInterval: 30000 # ms interval to send whitespace to xmpp server
	legacySSL: process.env.HUBOT_XMPP_LEGACYSSL
	+ preferredSaslMechanism: process.env.HUBOT_XMPP_PREFERRED_SASL_MECHANISM
	I have my model here:

	// transactionmodel.js
	function TransactionModel() {
	var pg = require('pg');
	var connectionString = "pg://chartjes:******@localhost:5432/ibl_stats";
	this.client = new pg.Client(connectionString);
	this.client.connect();

	this.getCurrent = function(callback) {
	// Front controller for our API

	var application_root = __dirname;
	var express = require("express");
	var path = require("path");
	var pg = require('pg');
	var app = express.createServer();
	var model = require('transactionmodel);

	var tm = new model.TransactionModel(pg);
	public function test() {
	$this->autoRender = false;

	$data = array(
	array(
	'Article' => array(
	'id' => '1',
	'user_id' => '1',
	'title' => 'First Article',
	'body' => 'First Article Body'

	var fs = require('fs');

	function readFiveBytes(filePosition) {
	var readFile = function (err, fd) {
	if (err) {
	console.log(err.message);
	return;
	}